Google recently announced that the majority of the connections on its platforms are now secured by HTTP Strict Transport Security (HSTS), a policy mechanism that tells browsers to use only encrypted HTTPS connections, which helps secure data while in transit. These encrypted connections protect against eavesdroppers, man-in-the-middle attacks, and hijackers who attempt to spoof a trusted website.
HSTS prevents people from accidentally navigating to HTTP URLs by automatically converting insecure HTTP URLs into secure HTTPS URLs. Users might navigate to these HTTP URLs by manually typing a protocol-less or HTTP URL in the address bar, or by following HTTP links from other websites.
According to Google, the implementation of HSTS is usually a straightforward issue, but due to Google’s particular “complexities,” extra work was needed to make HSTS implementation on Google platforms a reality.
For instance, Google had to address mixed content, bad HREFs, redirects to HTTP, and other issues such as updating legacy services which could cause problems for users as they try to access the company’s core domain.
Google also announced that YouTube.com would gain HSTS protection, and that it would secure YouTube.com over an encrypted HTTPS channel for 97 percent of its users.